Ubuntu 943-1: Thunderbird vulnerabilities

    Date06 Jul 2010
    CategoryUbuntu
    89
    Posted ByLinuxSecurity Advisories
    Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) [More...]
    ===========================================================
    Ubuntu Security Notice USN-943-1              July 06, 2010
    thunderbird vulnerabilities
    CVE-2010-1121, CVE-2010-1196, CVE-2010-1199, CVE-2010-1200,
    CVE-2010-1201, CVE-2010-1202, CVE-2010-1203
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      thunderbird                     3.0.5+build2+nobinonly-0ubuntu0.10.04.1
    
    After a standard system update you need to restart Thunderbird to make
    all the necessary changes.
    
    Details follow:
    
    Martin Barbella discovered an integer overflow in an XSLT node sorting
    routine. An attacker could exploit this to overflow a buffer and cause a
    denial of service or possibly execute arbitrary code with the privileges of
    the user invoking the program. (CVE-2010-1199)
    
    An integer overflow was discovered in Thunderbird. If a user were tricked
    into viewing malicious content, an attacker could overflow a buffer and
    cause a denial of service or possibly execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2010-1196)
    
    Several flaws were discovered in the browser engine of Thunderbird. If a
    user were tricked into viewing a malicious site, a remote attacker could
    cause a denial of service or possibly execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
    CVE-2010-1202, CVE-2010-1203)
    
    If was discovered that Thunderbird could be made to access freed memory. If
    a user were tricked into viewing a malicious site, a remote attacker could
    cause a denial of service or possibly execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2010-1121)
    
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1.diff.gz
          Size/MD5:    92823 0ca46ffd047f5f7cee484fff9e8af23b
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1.dsc
          Size/MD5:     2412 aca8b9b2dbfb307db4431919947a7937
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly.orig.tar.gz
          Size/MD5: 60882290 1a1a88e927a9a88bbe7ebcebf823dee8
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
          Size/MD5: 64108820 3aa916caba6c99731e7d32be86288dc3
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
          Size/MD5:  5242210 4126c9df835aeb3a9c07843563006c68
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
          Size/MD5:   148928 0bcd99b6b523fac6b42dcbb7f24dff01
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
          Size/MD5:     9290 ad02f8df355f77c9b1add63163cbc788
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_amd64.deb
          Size/MD5: 11378952 1ea590db0e17e3a60463ac04d0515b80
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
          Size/MD5: 64452942 eaec764f36f6c8f028a896b5392c3737
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
          Size/MD5:  5307796 dafaff64a67a27a702a6f865c14445ff
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
          Size/MD5:   148118 39c67bfe1a78134d37c8ae7aeec002bb
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
          Size/MD5:     9292 178054e4f82c37056f11ea499e37c4e2
        http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_i386.deb
          Size/MD5: 10408506 c18e02729a25128e676165df459f969f
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
          Size/MD5: 67079046 b99a348ef7df5d8ab2daa6995b3e9eed
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
          Size/MD5:  5238246 0f540c21b92bb8730631c8d048763890
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
          Size/MD5:   153294 6b87239a25c174184dd5681f4d90b30c
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
          Size/MD5:     9294 196d8ddb2fd3b1d9f987814f4008fc87
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_powerpc.deb
          Size/MD5: 11260620 dab912c76ddc41ba98eaadbfb051aeb4
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
          Size/MD5: 63631670 2b5550e2e5dbe85b9c5f3bd106e9043a
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
          Size/MD5:  5216964 c22473ed591e05898a660d1b84a93e7a
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support-dbg_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
          Size/MD5:   144236 a583a67a7e172036d31350e393a12469
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-support_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
          Size/MD5:     9296 3c1023ab76f0e7dad38055468fbf8911
        http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_3.0.5+build2+nobinonly-0ubuntu0.10.04.1_sparc.deb
          Size/MD5: 10514780 30417d9d956648a4f15d645171edb401
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.